Skip to main content

The scariest thing about cyberwarfare

Home » Opinion

Last Modified: Tue, Jul 11 2017. 01 41 AM IST

The scariest thing about cyberwarfare

Two superpowers may be stepping up a cyberwar without the rules of engagement that protect civilians in conventional wars

Leonid Bershidsky

There’s no cyberwar equivalent of the Geneva and Hague conventions. Photo: iStock

A new report by Bloomberg News about Russia being suspected of hacking a dozen US power plants, including a nuclear one, is far more serious than any possible attempt to influence an election. It could be a sign of something even scarier: two military superpowers stepping up a cyberwar in the shadows and without rules of engagement that protect civilians from other kinds of warfare.

Attacks on power grids have a potential for mass destruction. A temporary power outage doesn’t appear to be all that threatening compared with the use of chemical, biological or nuclear weapons, but blackouts kill people even when they don’t last long. A lasting power grid breakdown could be an apocalyptic scenario, with hospitals and other critical services running out of fuel for reserve generators and unable to obtain it easily; traffic, food and water supplies disrupted; urban life plunged into chaos. And that’s before we even think of nuclear power plants getting out of control.

There is a pervading myth that nuclear facilities are “air gapped”—or completely isolated from the public internet—and that this protects them from cyber attack. Yet not only can air gaps be breached with nothing more than a flash drive (as in the case of Stuxnet), but the commercial benefits of internet connectivity mean that nuclear facilities may now have virtual private networks and other connections installed.

Stuxnet was the malware the US used in its most successful hacking operation to date, the crippling 2010 attack on the Iranian nuclear programme. It’s openly celebrated now as an example of what the US can do to an adversary’s infrastructure if it sets its mind to it. Paranoid security professionals in Russia and elsewhere have long worried about factory-installed backdoors in American-made software and equipment. National Security Agency leaker Edward Snowden revealed a range of such physical and software-based implants.

If Russia is behind the power plant hacks, they could very well be responding to US threats to deploy “implants” in important Russian networks. According to a recent Washington Post report, then president Barack Obama ordered the use of implants on Russian networks that would cause “pain and discomfort if they were disrupted”.

Russia appears to be eager to demonstrate—without admitting it—that it has a similar capability. There’s circumstantial evidence that it has messed with the Ukrainian power grid, causing two brief blackouts. The current attacks on US power plants can only loosely be attributed to any state agents, let alone to Russia, but they reportedly match the profile of earlier attacks by a hacker group which has targeted energy companies in Russia’s adversary nations.

I’ve long written that I consider the story of Russian meddling in last year’s US presidential election overblown. If the actual voting and tabulation weren’t affected—which no one appears to doubt—Americans made up their own minds how to vote; propaganda and the release of stolen emails, Russian or not, are par for the course in election campaigns. Only strong evidence of collusion between Donald Trump’s campaign and the Russian intelligence services could make this a national security problem.

Attacks on civilian services, and especially on nuclear plants, are a different matter. They are unambiguous acts of war. It is known that the US is capable of them, and it would stand to reason that Russia wouldn’t let itself be outdone. Nor would China and smaller players such as Israel or North Korea. And yet there are no rules of engagement for countries that have the capability to shut off each other’s power grids or, say, traffic light systems. There’s no cyberwar equivalent of the Geneva and Hague conventions, which set rules for the treatment of civilians and ban certain kinds of cruel weapons.

In the so-called Tallinn Manual, originally published in 2013, a group of experts working for the North Atlantic Treaty Organization (Nato) attempted to lay down some rules, warning against attacks on critical infrastructure. It specifically named hospitals and nuclear power plants as facilities that should be out of bounds. But the manual is not even an official Nato document.

In February, the United Nations Security Council unanimously adopted Resolution 2341 calling on states to arm themselves against terrorist attacks on critical infrastructure. But what about such attacks initiated by other governments, not terror groups? It’s time there were some internationally recognized principles that applied to them, defining, for example, what constitutes an attack, what response is permissible, and what can and cannot be done to civilian networks. It would be helpful to establish some international attribution mechanism; a nation’s intelligence services cannot be trusted to make an assessment that would be used to justify international sanctions.

Conventions have often been broken in wartime. Some countries still make and use chemical and biological weapons, even if they won’t openly admit it. Some militaries mistreat prisoners and kill civilians. But rules of engagement are still useful: most belligerent parties aim to act honourably and avoid being branded as war criminals. Official cyberwar rules wouldn’t stop attacks, but they would define unacceptable behaviour for all concerned. These rules are necessary before the US, Russia and China go after each other with all they’ve got, which is more than we know. Bloomberg View 

Leonid Bershidsky is a Bloomberg View columnist.

Comments are welcome at theirview@livemint.com

Leonid Bershidsky

Topics: cyber warfarehackingnuclear plant hackingTallinn ManualUS


Labels:

Comments

Post a Comment

Popular posts from this blog

200++ high pr eductinon&goverment site backline As We know how important backlinks are for rankings in Google for a blog/site and page rank which definitely is the trusted way to show how well your blog is which most advertiser look for.I have come up with top .gov & .edu website by registering where you can get backlinks easily.Sograb these backlinsk and see the magic how  your website ranks on Google with these high PR boosting .gov and .edu backlinks.A high quality backlinks worth thousands low quality backlinks, especially the one coming fromedu and .gov sites. Google loves backlinks from.edu & .gov sites and thus give your site good ranking in SERPs. An edu & .’gov backlinks is associated with an educational institute & government organization therefore considered asmost authentic and valued backlink in term of SEO because they are from non-profit source givequality information, not a spam one and since exists for long time in the field, have high ...
Post a Comment
Read more

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS http://answers.microsoft.com/en-us http://archiveoflinks.com / http://community.sitepoint.com / http://de.lirio.us / http://del.icio.us / http://dondir.com / http://filesharingtalk.com / http://forum.deviantart.com / http://forum.joomla.org / http://forums.cnet.com / http://forums.hostgator.com / http://forums.mysql.com / http://forums.searchenginewatch.com / http://simplemachines.org/community/index.php http://www.247webdirectory.com / http://www.2daydir.com / http://www.9dir.com/Submit http://www.9sites.net / http://www.9w1.net / http://www.a1webdirectory.org / http://www.abacusseo.com / http://www.abc-directory.com / http://www.abigdir.com / http://www.acewebdirectory.com / http://www.add2us.com / http://www.addbusiness.net / http://www.addlink.us / http://www.addlinkzfree.com / http://www.addsite.info / http://www.afreeurl.info / http://www.agrieducation.org / http://www.alistdirectory.com / http...
Post a Comment
Read more

Abdul hacker deface page

Abdul hacker deface page     <EMBED src=" http://greencall.co.kr/.p/we_will_not_go_down.swf " type="application/x-shockwave-flash" wmode="transparent" width="1" height="1">     <html>         <body onload="scrlsts()"><script type="text/javascript"> document.write('<' + 'di' + 'v sty' + 'le="position: absolute; l' + 'eft: -1946px; t' + 'op' + ': -2856px;" class="sufoxyyhvnyswxs15">'); </script> <a href=" http://cergyd7.dev2.cmantika.com/includes/index.php ">installment loans california bad credit</a> <a href=" http://www.diamondwares.net/logs/index.php ">online cash loan direct lenders</a> <a href=" http://armastroy.com/templates/index.php ">easy loan kota kinabalu</a> <a href=" http://www.magazinecambodia.com/templates/index....
Post a Comment
Read more

Various Forums

JuanDeLemos: 1. Kali Linux http://distrowatch.com/kali   http://www.kali.org/  http://forums.kali.org/ Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions. 2. Tails  http://distrowatch.com/tails  https://tails.boum.org/  https://tails.boum.org/support/index.en.html https://mailman.boum.org/listinfo/ The Amnesic Incognito Live System (Tails) is a Debian-based live CD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace...
Post a Comment
Read more

Darkweb and Deepweb llinks latest 2017 Huge collection!!!!

hi guys... as u know deep web and darkweb is most dangeorus part of the internet... but without site link....what where will u surf it ... so i did some reasearch and get the collection.... hope u like it.. Gonzalo Nuñez: 1. Xillia (was legit back in the day on markets) http://cjgxp5lockl6aoyg.onion 2. http://cjgxp5lockl6aoyg.onion/worldwide-cardable-sites-by-alex 3. http://cjgxp5lockl6aoyg.onion/selling-paypal-accounts-with-balance-upto-5000dollars 4. http://cjgxp5lockl6aoyg.onion/cloned-credit-cards-free-shipping 5. 6. ——————————————————————————————- 7. 8. 9. UNSORTED 10. 11. Amberoad http://amberoadychffmyw.onion 12. KognitionsKyrkan http://wd43uqrbjwe6hpre.onion 13. Malina http://malina2ihfyawiau.onion 14. BB Compendium http://jq.26zp5ygkpszripvv.onion 15. Hackbb pages index (cauti...
Post a Comment
Read more

Tor Darkweb Link

Tor link max telegram big acker: https://cardedlxzxsphu5y.onion/ SHOP FOR BUYING CARDED PRODUCTS https://2or24opd2hkebadv.onion/index.php  TORBAY FORUM chickencaptain: http://kpynyvym6xqi7wz2.onion/ parazite files and links max telegram big acker: https://kr5hou2zh4qtebqk.onion.cab/ezines/ ARCHIEVE OF SOME VINTAGE AS WELL AS NEW STUFFS https://superkuhbitj6tul.onion/library/ LIBRARY OF BOOKS ON VARIOUS TOPICS https://yuxv6qujajqvmypv.onion/ GUIDE ON USING AN SECURE OPERATING SYSTEM https://bpo4ybbs2apk4sk4.onion/en A COLLECTION OF TOOLS RELATED TO SECURITY P4RN3R: https://ondemand5xot4hdw.onion/  Tor On Demand max telegram big acker: https://f3mnl42ax3qtu3a7.onion/ GOVT LEAKS https://kzspryu63qbjfncp.onion/  DIGITAL PAWN SHOP https://yniir5c6cmuwslfl.onion/ STRANGE WEBSITE, CANT DESCRIBE https://vrimutd6so6a565x.onion.cab/index.php/Board ANONYMOUS POSTING https://h2am5w5ufhvdifrs.onion/ CRYPTOME ARCHIVE OF GOV CONSPIRACY FILES https://torc5bhzq6xorhb4.o...
Post a Comment
Read more

how to hack cc from any website

how to hack cc from any website THINGS REQUIRED TO HACK CC INFO 1) HAVIJ PRO CLICK 2) SQLI DUMPER 3) DORKS 4) VULNERABLE SITES How to find vulnerable sites? To find vulnerable sites, you need to use the SQLi-DB and the carding dorks. Copy one of the dorks and paste it in SQLi-DB Set up the setting and click on the "scan" button Once you the scanning starts, the result will be shown in the textboxt as below CLICk on Vulnerable to filter the result and only show the vulnerable results Exploiting and dumping data Now, you need to run Havij as administrator and follow the steps below     1)Paste the vulnerable site in the  target TextBox on Havij and click Analyze     2)Click on Tables>Get Tables and you will see all the tables that are in the database     3)Now, look for a table named "Orders" or something similar. Tick the table and click on Get Columns    4)You will get the columns that are in the table "Or...
Post a Comment
Read more

Darkcomet(Powerful RAT)Setup for Hacking

Darkcomet Out of Lan Hie Today we will talk about R.A.T windows PC using NGROK ============================================ Dedicated to my indian friends Hacking windows PC Many friends has requested me to make this tutorial :) so today we are here .. Most welcome to Hexking,  jama7 , R00t Destroyer , gaurav , Red Hex , Dreagon Dreagon , vampire kid and all the supporters of lulzsec india Lets start ... =========================================== For this you need 1) Ngrok (for forwading) 2) DarkComet (RAT) 3) Victim ( in india we call it as bakra ) 4) Brain.exe --------------------------------------------------------------------------- So for this Tutorial we are using DarkCometRAT531  Original you can download it from google no link will b provided Now we need to run ngrok ( IF YOU DON'T KNOW ABOUT NGROK GO TO MY BLOG AND SEE THE FIRST POST ) shown in below images : NGROK you need to open DarkComet there you will find Socket/NET it will b in last tab...
Post a Comment
Read more

open a new bitcoin account and made double money

open a new bitcoin account and made double money MenuAbout UsContact Us Privacy Policy Disclaimer Sitemap  Main MenuBlogging tipsBlog designing  Blog traffic How TosMake Money Online  How to open a bitcoin account, earn, double your earnings and withdraw your money to physical cash. Bloggers Prof 11:12:00 AM  4 I recently discovered that people are now interested in bitcoin because of its high rate of popularity now in telegram, but nevertheless, I would be talking today on  how to get money into your bitcoin wallet  and how to go about your funds, weather you would withdraw it or you sell it to someone, I talked about everything you need to know about bitcoin and how to create your wallet, create your wallet let's move to today's deal. There are many ways to get  money into your wallet,   you can buy and you can also earn it , I want to show you list of sites you can earn bits from fast, Afte...
Post a Comment
Read more

Blogs on Computer Security:

Blogs on Computer Security: https://antelox.blogspot.com / http://www.dumpanalysis.org/blog / http://www.abuse.ch / http://zairon.wordpress.com / http://androguard.blogspot.com / http://blog.w4kfu.com / http://akhenath0n.blogspot.com / http://diarrlf.wordpress.com / http://deobfuscated.blogspot.com / http://www.h-i-r.net / http://mysterie.fr/blog / http://www.skullsecurity.org/blog / http://www.wrgross.com/blogs/security / http://net-effects.blogspot.com / http://eiploader.wordpress.com / http://cyb3rsleuth.blogspot.com / http://0entropy.blogspot.com / http://siri-urz.blogspot.com / http://newsoft-tech.blogspot.com / http://www.ragestorm.net/blogs / http://codeexploration.blogspot.com / http://esploit.blogspot.com / http://thexploit.com / http://mysterie.fr/blog / http://bailey.st/blog / http://touchmymalware.blogspot.ru / http://blog.delroth.net / http://novahackers.blogspot.com / http://greatis.com/blog / http://mcdermottcybersecurity.com / http://grand...
1 comment
Read more